Here is an authentication request from the certificate: rad_recv: Access-Request packet from host 192.168.213.210 port 1390, id=8, length=224 Message-Authenticator = 0x6d9c4039c9d8b314ca0bb11bf518f5a0 Service-Type = Framed-User User-Name = "rahs@pomorsu.ru" Framed-MTU = 1488 Called-Station-Id = "00-17-9A-D1-44-39:localnet1" Calling-Station-Id = "00-1F-3C-3D-DF-8C" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020800190175736f77735f61646d40706f6d6f7273752e7275 NAS-IP-Address = 192.168.213.210 NAS-Port = 1 NAS-Port-Id = "STA port # 1" There is a user name. It can not be used to check via LDAP?
Сергей Усов wrote:
It's work for peap authentification, but if I use certificate authentication, the module ldap do not work
Exactly. When certificate authentication is used, you are NOT doing username/password authentication. That's what certificate authentication is for. And the ldap module does username/password checks.
So.. the two are not really compatible.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html